Feds Pushing For New Legally Required Wiretap Backdoor To All Internet Communications

from the unintended-consequences... dept

The unfortunate, if not surprising, news story making the rounds today is that the feds in the US are looking to pass new laws to legally require a wiretap backdoor in every kind of internet communication offering. Yes, you read that right. If there's any way to communicate online, the US government is demanding the right to be able to wiretap it. Any company that doesn't comply will face fines. This despite the US government's long history of repeatedly and massively abusing its wiretapping privileges.

And, yes, this would supposedly apply to non-US communications services as well:

Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

Yeah, that'll go over well. It's difficult to see how this is any different than foreign governments demanding access to others' communications as well. It's pretty ridiculous for President Obama to talk about open internet principles to the UN, while cooking this up at the same time. Pushing for this also means that the US will have no excuse when the governments of Iran, China and elsewhere also demand backdoors into all US-based communications.

And, really, that's the biggest problem with this law. Beyond the inevitable privacy violations by the feds, putting backdoors into communications technologies guarantees that those backdoors will be used by others (outside of the federal government) to snoop on communications. The FBI and the NSA (who are pushing for this) are being totally and completely naive if they think that they're the only ones who will use this. We've pointed out in the past how large-scale surveillance systems mean large-scale security risks, and this is no different. We showed how a similar surveillance system in Greece was hacked into to spy on government officials. US officials should be aware that they're opening themselves up to these same potential risks.

And, the simple fact is: this won't help and it won't matter. The people who really want to communicate secretly will still use tools to communicate secretly. The feds are (once again) being naive to think that such tools won't exist and won't be widely known and widely utilized. Instead, all this will do is open up everyone else to abuse of the system by other governments, organized crime, people with malicious intent and (of course) the US government.

Subject

Everything that exists right now already has back doors. It's just that the government wants to make it easier.

My concerns are exploits. It would not be long before hackers find these exploits and start using this for their own gains. Not to mention letting it loose on the internet and having every psycho, sicko and pedophile spy on anyone they choose. It can also be turned against the government officials and lawmakers themselves by domestic and foreign spies.

Yep. Let them pass this. It will cause chaos and then higher grade encryption, stricter firewalls and computer operating systems that do not comply with their crap.

The really serious issue will be whether this will include banking transaction messages. Assuming, just like every other attempt at secure encryption (or DRM, etc), this will be hacked in about 5 nanoseconds. Then, if financial transactions also have a backdoor, then the 2008 banking crisis will seem like an insignificant blip on the radar when the entire global financial transaction messaging system becomes vulnerable to hackers.

GNU Telephony Statement on new Internet Surveillance Laws

Speaking on behalf of the GNU Telephony project, we do intend to openly defy such a law should it actually come to pass, so I want to be very clear on this statement. It is not simply that we will choose to publicly defy the imposition of such an illegitimate law, but that we will explicitly continue to publicly develop and distribute free software (that is software that offers the freedom to use, inspect, and modify) enabling secure peer-to-peer communication privacy through encryption that is made available directly to anyone worldwide. Clearly such software is especially needed in those places, such as in the United States, where basic human freedoms and individual dignity seem most threatened today.

In the United States the 4th amendment did not come about simply because it was impractical to directly spy on everyone on such a large scale. Nor does it end simply because it may now be technically feasible to do so. Communication privacy furthermore is essential to the normal functioning of free societies, whether speaking of whistle-blowers, journalists who have to protect their sources, human rights and peace activists engaging in legitimate political dissent, workers engaged in union organizing, or lawyers who must protect the confidentiality of their privileged communications with clients.

However, to fully appreciate the effect of such surveillance on human societies, imagine being among several hundred million people who wake up each day having to prove they are not a “terrorist” by whatever arbitrary means the government has decided to both define the terms of such a crime and whatever arbitrary methods unknown to you that they might choose to define you as such, and where even your prosecution is carried out under the immunity of “state secrets” that all police states use to abuse their own citizens. Such a society is one whose very foundation is built on the premise of everyone being guilty until proven innocent and where due process does not exist. It is the imposition of such an illegitimate society that we choose to openly oppose, and to do so in this manner.

If secure encryption is outlawed...

Because outlawing software that terrorists use is clearly going to make it go away.

This isn't like a situation where making certain firearms illegal actually lowers the amount of people who end up acquiring them. This is zeroes and ones we're talking about. Making certain combinations of zeroes and ones illegal will have literally no effect on their availability, especially to criminals and terrorists.

More Revenue

Man they are tricky little bastards, they could care less about national security. This is simply a money grab from a government about to spend itself into oblivion. They know full well that most companies aren't going to redesign their entire system just to implement a huge security flaw. So the government will simply offer them a small "monthly fee" for not doing so. Now multiply that fee by the thousands upon millions of internet based communication systems/software and in the words of Will Smith, "CHA-CHING!"

Pfft

How the hell are they going to enforce it? Let's say that all the communication companies say... NO. What exactly are we going to do? We don't own the internet, we can't just say who will and will not be allowed. What about other countries? They can and will demand the same thing! Then what?

Re: Biden strikes again

"The sooner Obama gets rid of this clown, the better."

Wow. I love people who say silly stuff like this. As if this is a course of action that is going to happen, or even would. See also all the "impeachment" whiners, and that goes for either side's (Bush or currently Obama) president. Don't you people get it? It takes an EXTRAORDINARY (with emphasis on the EXTRA) set of circumstances for a sitting president to turf out his VP, or get any of them on trial and kicked out via impeachment. It just doesn't happen, yet the call goes forth from the Neocon crowd with EVERY presidency, and twice as loud if they are Dems. Look at your history, and see how many presidents have been actually removed from office, let alone been subject to an impeachment trial (hint: you can count them on less than 1 hand). All the whining in the world isn't going to make it happen. Spend your energies on something that IS possible, like voting out incumbents, and getting better people in office. This "get rid of him/impeach him" rhetoric is just pissing in the wind.

Re:

Don't forget about the money, they love themselves a side of money to go with that heaping helping of control. Although, I suppose they can always just print more money. I mean, who cares what happens to the economy as long as they get to do what they want, right?

Re: Re: Biden strikes again

I agree for the most part, but your suggestion on what is possible seems a little faulty, as it doesn't take into account how ineffective the voting process actually is nowadays, especially with e-voting machines ladled with terribad security and which can be easily compromised to deliver whatever result is desired by those in office.

Not to mention that the corporations own both parties anyway, so the choice of candidate really doesn't matter. They both report to the same boss. We can't fight them like that, on their ground. Part of winning a battle is in choosing the battlefield, I think. And I think we have to keep it in here in the digital as much as possible, because it is here online that we have the advantage.

It is here online that the money and power of the corporatocracy is meaningless, because whatever technological measures they implement can and will be hacked and circumvented. It is here that any attempts at control and secrecy that they make are rendered useless and ineffective, simply by the very nature of the internet and the web. And so I think it is here that we should stand against them, on ground of our choosing, and show them just how impotent they really are in the grand scheme of things.

I think that Mike Masnick and also David Sugar made it very clear why living in a surveillance society without any way to communicate securely would be a bad thing. So the only question remains - how do we protect ourselves from totalitarian governments (and if that bill is passed I would have to add US government to my list of totalitarian governments) snooping on everything we do online?

What exactly can the US government do to enforce such a law?

1. They can threaten or punish a person or a company producing any technology that allows secure communication (let's call it 'secure technology' for now).

2. They can block servers hosting secure technology to suppress its distribution.

3. They can block bank accounts of the person or company providing secure technology or block users from sending money to those accounts to make sure nobody will be able to profit out of it.

4. They can make it illegal to use secure technology and punish users.

5. They can force hardware producers to make sure that it would be technically impossible to use secure technology.

What did I forget?

It seems to me that in order to communicate securely, we have to make sure that there is NOT a single point of failure in any of these five things. How?

1. secure technology should not depend on any single person or company - it should be some open source technology with distributed development model - everybody is fungible, developers live in different countries to minimize the risk, if any developer is removed - the technology survives.

2. secure technology is distributed from 'distributed source' (bittorrent or something like that). No single server to block.

3. secure technology is developed for free by idealist freedom-fighters or is financed by some kind of (distributed?) payment channel that is difficult to block/trace.

4. secure technology is not easy to spot and distinguish from other traffic. No specific port or protocol - just some kind of tunneling or VPN like when you are communicating with your bank or company, or maybe transparent end-to-end encryption - because it would be necessary to make illegal the whole internet to suppress this.
Secure technology is also easy to use because it needs to be widely adopted - any law is not practically enforceable when it's broken by everybody - that's the best 'security' from the bad law.

5. well... if any government is able to control hardware production globally - then we are all screwed.

Please consider this some kind of RFC - I am looking forward to your comments so we would be ready in case US democracy fails ;-)

Re: Subject

Operation Dark Heart

As Mike has reported over the years, a lot of this is already in place through Patriot and Patriot 2.0, phone GPS, but is available to DHS. Everything is tapped.

Remember when the US Government decided to build a huge datacenter in Utah? I wonder if this and the Utah Data Center are connected in some way.

This seems to be an expansion specifically to require Blackberry and a few other straggler applications have a backdoor. It's also possible that some cable/telecomms companies that either didn't have the capital or hardware didn't exist to install wiretap capability.

Mandating it will ensure that the bad dudes get caught, I'm sure. And it should be mandated because crime is DOWN over the past decade.

Maybe it's one of those things about working in a bureaucracy. Someone's out there doing something bad like eating pork or hoofed animals.

"...putting backdoors into communications technologies guarantees that those backdoors will be used by others (outside of the federal government) to snoop on communications."

Interplanetary DUH! If you put backdoors into every communication device, even the FBI and the NSA will become easy targets to the spying. It's incredibly easy for someone to leave an unsecure connection open somewhere that any git can use (through the convenient backdoor) to steal sensitive information or gain access to more critical systems.

Also, every critical system must have an access point to the outside world somewhere. Imagine some hacker slipping viruses into your nuclear power plant controls. Chernobyl remix anyone?

Bottom line: Leave secure systems secure. They are secure for a reason! And knock it off with the spying. The cold war is over for a while now.

Another perspective

As Mike has reported over the years, a lot of this is already in place through Patriot and Patriot 2.0, phone GPS, but is available to DHS. Everything is tappable and is very, very expensive to maintain.

First off, the number of intelligence contractors skyrocketed since 9/11. This was partially to address monitoring of citizens through bank, telephone, sms, and other technologies. Today, there are

The US Government decided to build a huge datacenter in Utah recently. I wonder if this and the Utah Data Center are connected in some way. It's logical, because of the recent discussions concerning the number of intelligence contractors with top secret and higher clearances. And Intelligence Contractors writing reports that never get read. It seems to be a desire to get costs under control.

An expansion to allow internet traffic to be tap-able under warrant means that the equipment and applications have to support intercept. Most people think oh, this is good because I'm not going to have a warrant against me.

But I tend to believe this is specifically in place to require Blackberry and a few other straggler applications to have a backdoor. It's also possible that some cable/telecomms companies that either didn't have the capital or hardware didn't exist to install wiretap capability.

Mandating a connection for intercept (lawful or not) will ensure that the bad dudes online get caught. And this should be mandated because crime is DOWN over the past decade.

Re: Another perspective

You're off the mark. This isn't about RIM or "some cable/telecomms companies". I would assume the NSA is already well into their pants already. Don't you wonder why India is making such a big fuss about being able to snoop on Blackberry, yet the US gov't seems to not care?? Why do you think the US is so quiet about that issue? I'd suggest the answer is that they have already achieved what they need.

Nope, this isn't about telcos or RIM, this is about Skype, Facebook, JahJah, Numbr, and a bunch of future communication solutions that haven't been invented yet. Our gov't wants to make a sweeping law that says that any developer that wants to sell into the US needs to install a backdoor, and give them the keys.

Not only will this invade our privacy (4th amendment rights) and make us more vulnerable to crime, but it will also slow down innovation and reduce our range of communication options.

Re:

"5. They can force hardware producers to make sure that it would be technically impossible to use secure technology."

Not possible. Most encryption is software based not hardware. Only allowing certain data formats to route over the internet would literally cripple it. And it would be child's play to write software to pretend to be a video stream, ftp file transfer, or image file, while in all actuality being an encrypted VOIP call or whatever.

PROTEST: censor yourselves first!

The only way to bring attention to this travesty of freedom is to censor your sites now. Turn off all commenting, all forums, all means of interactivity. Let the casual masses who use the net see what internetTV looks like.

This push and recent Copyright legislation/rulings are designed to make website owners liable for their viewer-supplied content AND shill for the .gov if their visitors are anyone the .gov does not like or is interested in.

The net effect of both combined will be to put a stranglehold on self-publishing to the 'web', FOSS and Linux, all personal freedoms to communicate privately in public.

Give the public a taste of that world before the law gets passed or say goodbye to what we all have come to cherish.

This Will Deter The Casual Terrorists

Sure, the truly determined ones will still find a way to pass their messages. But the amateur hobbyists, the go-to-Mosque-on-Sunday-make-a-bomb-on-Monday school, if you like, will be the main target of this law.